1) Field of the Invention
The present invention relates to a personal identification/authentication system using biometrics information (for example, fingerprint, voice, iris, retina, blood vessel, palm configuration, and signature) to be captured as image data or biometrics information (for example, voice, keystroke and dynamic signature) constituting time series data.
In the recent years, various types of apparatus have been developed to accomplish personal identification/authentication using biometrics information. In addition, such apparatus have increasingly been employed as a personal authentication system on a network. In a case in which this system is used as a person-concerned authentication system on a network, registered fingerprint data tend to be managed collectively (in a lump) in an apparatus called the “authentication server”. For example, in the case of the confirmation of the person concerned using fingerprint, a client side equipped with a fingerprint inputting device extracts fingerprint characteristic (or peculiarity) information and transfers the characteristic information to a server. The server side verifies the characteristic information to perform the processing such as access permission when confirming that the fingerprint pertains to the person concerned.
In such a personal authentication system, taking into consideration a possibility of altering the specification of the fingerprint inputting device at maintenance or update of version, a desire exists for handling a plurality of types of fingerprint inputting devices (fingerprint scanners).
Simultaneously, it is desired that the update of version or the like of a data verifying system can smoothly be made without re-registering biometrics characteristic information.
2) Description of the Related Art
Since a conventional personal authentication apparatus using biometrics information, such as a fingerprint verifying apparatus, has been developed for use in standalone applications, that apparatus manufacturing companies (vendors) employ their peculiar standards or formats for fingerprint verification. For this reason, for example, difficulty has been encountered in accomplishing the interface among systems employing fingerprint verifying apparatus manufactured by different companies.
In addition, the conventional personal authentication system depends greatly on a device for inputting biometrics information, and in the case of the fingerprint or the like, if the mode of reading in a scanner (biometrics information inputting device) or the resolution of a fingerprint image to be read by a scanner varies, difficulty is experienced in using personal fingerprint characteristic data [data extracted from fingerprint image data (biometrics information)] registered in advance for use in verification, which requires re-registration of all the fingerprint characteristic data using a new scanner.
Still additionally, also in a case in which a change of verification mode (method) of biometrics information takes place, the data structure to be used varies accordingly, which also makes it difficult to use the personal fingerprint characteristic data registered in advance for use in the verification, which requires the re-registration of all the fingerprint characteristic data according to a method agreeing with a new verifying mode whenever the verifying mode changes.
That is, in the conventional art, the biometrics information inputting device and the verification mode of the biometrics information are only in one-to-one relation, and the verification mode of the biometrics information and the biometrics characteristic data (data extracted from biometrics information) needed for that verification mode of the biometrics information are also in one-to-one correspondence. Accordingly, a change of the biometrics information inputting device or the verification mode of the biometrics information inhibits the use of the biometrics characteristic data extracted previously from the biometrics information and registered, and requires the re-registration of all the fingerprint characteristic data.
Referring here to FIGS. 34 and 35, a description will be given of a general configuration of a personal authentication system using biometrics information. FIG. 34 is a block diagram showing a configuration of a personal authentication system for use in entrance/exit management, while FIG. 35 is a block diagram showing a configuration of a personal computer connected type personal authentication system.
In FIG. 34, a personal authentication system 120 is for accomplishing personal identification/authentication through the use of fingerprint as biometrics information, and an electric lock control section 110 reads a personal fingerprint in the form of image data to, when fingerprint characteristic data (biometrics characteristic data) extracted from that image data matches fingerprint characteristic data registered in advance, unlock an electric lock (not shown) of a door 100 so that the door 100 is openable.
This personal authentication system 120 is made up of a control section 121, a fingerprint inputting section 122, a fingerprint image input control section 123, a fingerprint characteristic data extracting section 124, a fingerprint characteristic data registering section 125, a fingerprint characteristic data verifying section 126, a fingerprint verification result outputting section 127, and an ID number inputting section 128.
The control section 121 is made to generally manage and control the personal authentication system 120, the fingerprint inputting section 122 is made to acquire or collect a fingerprint as biometrics information in the form of image data, and the fingerprint image input control section 123 is designed to control the fingerprint capturing operation (inputting operation) of the fingerprint inputting section 122.
Furthermore, the fingerprint characteristic data extracting section 124 is for extracting fingerprint characteristic data from fingerprint image data captured through the fingerprint inputting section 122, the fingerprint characteristic data registering section 125 is for previously registering and retaining the registration fingerprint characteristic data extracted from the fingerprint image data, and the fingerprint characteristic data verifying section 126 is for verifying that verification fingerprint characteristic data on a person forming a subject of verification, obtained by the fingerprint inputting section 122 and the fingerprint characteristic data extracting section 124, matches the registration fingerprint characteristic data registered and retained in advance in the fingerprint characteristic data registering section 125.
Still furthermore, the fingerprint verification result outputting section 127 is for outputting the verification result from the fingerprint characteristic data verifying section 126 to the electric lock control section 110. If the verification result from the fingerprint verification result outputting section 127 indicates the correspondence (or equality), the electric lock control section 110 controls an electric lock of the door 100 into the unlatched condition. The ID number inputting section 128 is for inputting an ID number to the control section 121, for example, when the registration fingerprint characteristic data is registered in the fingerprint characteristic data verifying section 126 or when the data registered and retained in the fingerprint characteristic data verifying section 126 is altered/edited.
With the above-mentioned configuration, the personal authentication system 120, shown in FIG. 34, can be put to use for the personal authentication at the opening of the door 100 of a room in the entrance/exit management. When an entering/leaving person opens the door 100, the entering/leaving person makes the fingerprint inputting section 122 read his fingerprint so that the fingerprint is inputted to the personal authentication system 120 in the form of image data. The image data captured through the fingerprint inputting section 122 is inputted through the fingerprint image input control section 123 to the fingerprint characteristic data extracting section 124, where verification fingerprint characteristic data is extracted from the fingerprint image data. In the fingerprint characteristic data verifying section 126, this verification fingerprint characteristic data is compared with the registration fingerprint characteristic data on the subject of verification (entering/leaving person), previously registered and retained in the fingerprint characteristic data registering section 125. If these fingerprint characteristic data correspond, the fingerprint verification result outputting section 127 gives an unlatching instruction to the electric lock control section 110 which in turn, unlatches an electric lock (not shown) of the door 100 so that the door 100 is openable.
On the other hand, a personal authentication system 140, shown in FIG. 35, is designed to perform personal identification/authentication using a fingerprint as the biometrics in a condition connected to a personal computer 130. The a personal authentication system 140 is made up of a control section 141, a fingerprint inputting section 142, a fingerprint image input control section 143, a fingerprint characteristic data extracting section 144, a fingerprint characteristic data registering section 145, a fingerprint characteristic data verifying section 146, a fingerprint verification result outputting section 147, and an I/O control section 148.
In this configuration, the control section 141, the fingerprint inputting section 142, the fingerprint image input control section 143, the fingerprint characteristic data extracting section 144, the fingerprint characteristic data registering section 145, the fingerprint characteristic data verifying section 146 and the fingerprint verification result outputting section 147 correspond to the sections 121 to 127 in the above-mentioned personal authentication system 120, respectively, and the detailed description thereof will be omitted for brevity. The I/O control section 148 functions as an interface with respect to the personal computer 130 under the control of the control section 141 to send the fingerprint verification result, outputted from the fingerprint verification result outputting section 147, to the personal computer 130.
With the aforesaid configuration, in the personal authentication system 140 shown in FIG. 35, a person being a subject of verification also can make the fingerprint inputting section 142 read his fingerprint so that the fingerprint is inputted as image data. The fingerprint image data captured through the fingerprint inputting section 142 is inputted through the fingerprint image input control section 143 to the fingerprint characteristic data extracting section 144, where verification fingerprint characteristic data is extracted from the fingerprint image data. In the fingerprint characteristic data verifying section 146, this verification fingerprint characteristic data is verified with the registration fingerprint characteristic data on the same subject person of verification, registered and retained in advance in the fingerprint characteristic data registering section 145. The fingerprint verification result is fed through the fingerprint verification result outputting section 147 and the I/O control section 148 to the personal computer 130.
A description will be given hereinbelow of objects on the operation of a system employing a fingerprint-based personal authentication mode. At the initial use, a user registers his/her own biometrics information (fingerprint image data). At this time, a means to confirm the person himself/herself is necessary. Thus, in general, the registration of biometrics information is made in the presence of a super user having authority for management, alternatively the registration of biometrics information is done through the use of an expendable password issued first. In either case, the essential matter is the confirmation of correspondence between the registered biometrics information and the person himself/herself, and repetition of the biometrics information registering work causes very inconvenience, and even, as the number of times of re-registration increases, the probability of impersonation increases. In this case, the “impersonation” signifies that another person impersonates one specified person and registers his/her own fingerprint as the fingerprint of that specified person.
Meanwhile, not only the performance of a fingerprint capturing device (fingerprint inputting device or fingerprint scanner), including its size, has shown yearly improvement, but also the price thereof has shown a significant decrease. For the extension of the system introduced, it is preferable to employ a fingerprint capturing device low in cost and high in performance, whereas the conventional fingerprint verification system (personal authentication system) mentioned above depends greatly upon a device for inputting biometrics information, and difficulty has frequently been experienced in directly using the latest fingerprint capturing device.
In addition, the dependency of the system performance on specific hardware creates a problem in that the user side is required to secure the same devices while the system is in operation.
More specifically, in the case of the fingerprint capturing device, the correspondence between the resolutions of the fingerprint images respectively producing the verification data and the registered data is of the essence, and a need exists in that that the relationship in brightness (light intensity) between ridges (crests) and troughs (valleys) of a fingerprint image, depending on the fingerprint capturing mode, does not vary between the verification data and the registered data. Although a police organization such as the FBI has its own standard for the collection of fingerprints, seldom does a commercial low-cost apparatus conform to this standard.
Accordingly, if a fingerprint capturing device produced by a different device vendor is employed in update of system version or in system extension, then the re-registration of the fingerprints of all the users becomes essential as stated above. Likewise, a change of the verifying mode or the characteristic information for use in the verification leads to alterations in data structure to be used and, therefore, the re-registration of the fingerprints of all the users also becomes necessary as mentioned above. Such re-registration work involves the re-collection of the fingerprints of all the users and costs extremely much labor, and even, can create a undesirable chance of a wrongful act such as the aforesaid impersonation.
The above-mentioned objects also arise in the case of a combination of personal authentication techniques using a plurality of biometrics information such as fingerprint, voice, iris and face.